08-15-2016 02:38 AM - edited 03-10-2019 11:59 PM
I'm trying to develop 802.1x server software like FreeRadius; it supports PEAP-MSCHAPV2 authentication.
When I test this software, the TLS tunnel setup succeeds, but authentication fails at the MSCHAPV2 part. The client PC (Win 7) responds with the MSCHAPV2 challenge response, and the server software checks the NT-Response successfully and sends the MSCHAPV2 success request to the client.
But the client doesn't respond with the MSCHAPV2 success response; it seems the client's check of the authenticator response failed.
The function I developed to generate the authenticator response, GenerateAuthenticatorResponse(), works correctly, like the RFC2759 9.2 Hash Example.
So I don't know why the Win7 client doesn't respond with the MSCHAPV2 success response. Does the Win7 PEAP-MSCHAPV2 implementation differ in some way from RFC2759?
08-15-2016 03:36 PM
Hi Chad,
Please find the KB below, which resolved such an issue:
https://support.microsoft.com/en-us/kb/2481614
Let me know in case you come across any issue.
08-15-2016 11:33 PM
Hi karans,
Thank you for your answer. But this hotfix doesn't work.
The software I'm trying to develop is a local authentication module that works in a switch, so users can authenticate without a Radius server.
The client PC can authenticate with winserver 2008 and freeradius, but fails with this software.
I found that in a successful authentication packet, the length of the MSCHAPV2 success request that FreeRadius sent is 80 octets in the TLS record layer.
The length of the MSCHAPV2 success request my software sent is 72 octets in the TLS record layer, and its message field only contains S=<auth_string>.
Does the message of the MSCHAPV2 success request FreeRadius sent contain the M=<message> part? Or is it caused by a different TLS cipher?
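For reference on the two points raised in this thread (the RFC 2759 authenticator response and the layout of the Success packet's Message field), here is an added example that is not part of any post above and is not code from FreeRadius or Windows. It implements GenerateAuthenticatorResponse() and ChallengeHash() as RFC 2759 defines them and checks them against the section 9.2 hash example; the function and constant names are this example's own, and PasswordHashHash is taken as an input so that no MD4 implementation is needed.

```python
import hashlib

# Magic constants from RFC 2759 section 8.7
MAGIC1 = b"Magic server to client signing constant"
MAGIC2 = b"Pad to make it do more than one iteration"

def challenge_hash(peer_challenge, authenticator_challenge, user_name):
    """RFC 2759 ChallengeHash(): first 8 octets of SHA1(peer || auth || user).
    user_name is the name without any domain prefix, as ASCII bytes."""
    data = peer_challenge + authenticator_challenge + user_name
    return hashlib.sha1(data).digest()[:8]

def generate_authenticator_response(password_hash_hash, nt_response,
                                    peer_challenge, authenticator_challenge,
                                    user_name):
    """RFC 2759 GenerateAuthenticatorResponse(): returns the 42-octet
    'S=' string. password_hash_hash is MD4(MD4(UTF-16LE password))."""
    sizes = ((password_hash_hash, 16), (nt_response, 24),
             (peer_challenge, 16), (authenticator_challenge, 16))
    for value, size in sizes:
        if len(value) != size:
            raise ValueError("unexpected field length: %d" % len(value))
    digest = hashlib.sha1(password_hash_hash + nt_response + MAGIC1).digest()
    challenge = challenge_hash(peer_challenge, authenticator_challenge,
                               user_name)
    digest = hashlib.sha1(digest + challenge + MAGIC2).digest()
    # 20 octets rendered as 40 upper-case hex digits after "S="
    return "S=" + digest.hex().upper()

def success_message(auth_response, message=""):
    """Message field layout from RFC 2759 section 5:
    'S=<auth_string> M=<message>'."""
    return "%s M=%s" % (auth_response, message)

# Values from the RFC 2759 section 9.2 hash example
# (UserName "User", password "clientPass")
RFC_USER = b"User"
RFC_AUTH_CHALLENGE = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")
RFC_PEER_CHALLENGE = bytes.fromhex("21402324255E262A28295F2B3A337C7E")
RFC_NT_RESPONSE = bytes.fromhex(
    "82309ECD8D708B5EA08FAA3981CD83544233114A3D85D6DF")
RFC_HASH_HASH = bytes.fromhex("41C00C584BD2D91C4017A2A12FA59F3F")

if __name__ == "__main__":
    resp = generate_authenticator_response(
        RFC_HASH_HASH, RFC_NT_RESPONSE, RFC_PEER_CHALLENGE,
        RFC_AUTH_CHALLENGE, RFC_USER)
    print(success_message(resp, "OK"))  # "OK" is a constructed sample message
```

A server can run the same comparison on its own inputs by logging the PeerChallenge, AuthenticatorChallenge, user name and NT-Response of a failing exchange and feeding them to these functions.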